The Application is available for surgeons in Australia and the United Kingdom only.
1. Who we are
Controller and Processor: We are the data controller for the data relating to the User that is shared via our website or the Application, and a data processor for the Patient Data that you upload onto the Application.
2. Personal information
Personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
The types of personal information we may collect about you include:
2.1) As a User of our Application:
- your username and password;
- your name;
- your contact details, including email address, street address, and/or telephone number;
- your sensitive information as set out below;
- your credit card and other payment details (through our third-party payment processor);
- your employer, qualifications, and job title;
- the Data you upload;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, and/or browsing behaviour;
- your preferences and/or opinions;
- information you provide to us, including through feedback, customer surveys, or otherwise;
- details of products and services we have provided to you and/or that you have enquired about, and our response to you;
- support requests submitted to us and our response to you;
- information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated social media platforms, and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party.
2.2) As a Patient, whose Data is shared on our Application
The Data uploaded by the User on the Application (in order to share Data with other medical practitioners) which may include information, images, documents, or videos pertaining to:
- any medical condition or medical history of the Patient;
- any procedure completed on the Patient;
- the Patient’s age, gender, ethnicity, lifestyle habits, and sexual orientation;
- prescription records;
- notes (and other forms of communications);
- diagnostic records;
- your observations of the Patient, including any clinical notes;
- any images you upload of the Patient; and
- general health information on the Patient, (Patient Data).
Sensitive Information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information, or biometric information.
3. Sensitive Information we Collect
3.1) Sensitive information on or concerning the User:
We do not actively request sensitive information about the User. If at any time we need to collect sensitive information about the User, unless otherwise permitted by law, we will first obtain the User’s consent and we will only use it as required or authorised by law.
3.2) Sensitive information on or concerning the Patients:
- We collect the Data/Patient Data which is considered sensitive information in relation to the Patient’s health and biometric information;
- You acknowledge and confirm that you have the necessary consents from your Patients for us to process sensitive information relating to the Patients, based on the Data you upload and that:
- this information is used for research and data analytics in accordance with the privacy laws and all other applicable laws within the jurisdiction of the Commonwealth of Australia, the data protection laws of the United Kingdom and in accordance with the Terms and Conditions, however, the User warrants that it will ensure that our use of the Patient Data is in compliance with all local laws applicable in the relevant jurisdiction in which the User operates with respect to privacy, data storage and sharing and applicable medical regulations;
- the User warrants that it will obtain the Patient’s express consent in relation to its use of the Services in uploading the Data to the Application and its use of the Services, as well as our use of the Patient Data for the purpose of the research and data analytics in accordance with the Terms and Conditions. If a Patient does not agree to this collection, the User must not upload the Patient’s Data on the Application (for any purpose) without obtaining our prior written consent; and
- Our use of Data is also based upon the User warranty that it will ensure that such compliance is in accordance with all local laws applicable in the relevant jurisdiction in which it operates and/ or uploads the Data with respect to privacy, data storage and sharing, and applicable medical laws and/ or regulations.
4. How we collect Personal Information
We collect personal information in a variety of ways, including:
- Directly: We collect personal information which the User directly provides to us. For example, this includes when the User registers for an account, when the User shares Data through the Application, through the ‘contact us’ function on our Application, and when the User or Patient requests our assistance via email, or over the telephone.
- Indirectly: We may collect personal information which the User or Patient indirectly provides. For example, in emails, over the telephone and in online enquiries.
5. Why we collect, hold, use and disclose personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the Services and provide access to the Application.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your explicit consent (and require you to obtain the explicit consent of your Patients) when (i) collecting and processing sensitive data (such as the health information described above); and (ii) before sending third party marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
As a User of our Application:
- to enable the User to access and use our Services, including to provide the User with a login and to make available to the User all relevant data shared on the Application by the User thereon;
- to contact and communicate with the User about our Services, including in response to any support requests the User lodges with us on the Application or any enquiry the User makes with us via other means;
- for internal record keeping, administrative, invoicing, and billing purposes;
- for analytics, market research, and business development, including operating and improving our Services and associated applications;
- for advertising and marketing, including sending promotional information about our products and services and other information that we consider may be of interest to the User;
- to comply with our legal obligations and resolve any disputes that we may have; and
- if otherwise required or authorised by law.
We only collect, hold, use and disclose sensitive information for the following purposes:
- any purposes that the User and/ or Patient consent to;
- our collection of Patient Data for data analytics and research (as agreed to in the Praccelerate Terms and Conditions for the Application);
- for the storage and communication of Patient Data, including the transfer of Patient Data to our third-party storage providers;
- secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to provide our Services to the User;
- to contact emergency services, or to speak with the User’s or Patient’s family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person (including a Patient) and it is impracticable for us to obtain the User’s or Patient’s consent; and
- if otherwise required or authorised by law.
Marketing: For our Users in the United Kingdom, our lawful grounds for processing your personal data to send you marketing communications is either your consent or our legitimate interests (to grow our business). Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase of our services or asked for information about us and our services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing email from us at any time.
6. Our disclosures of personal information to third parties
We may disclose personal information to third-party service providers for the purpose of enabling them to provide their services to us, including (without limitation):
- our employees, contractors, and/or related entities;
- our existing or potential agents or business partners;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third-party service providers who assist with the administration of our services to you, including Stripe who provide payment processing services;
- third parties to collect, store, process, and/or crash report Data such as Google Firebase, Sentry or other relevant analytics businesses; and
- any other third parties as required or permitted by law, such as where we receive a subpoena.
We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.
7. Overseas disclosure
- We may store personal information overseas, including in the United States of America (for data storage purposes) and in relation to our UK Users we will process both User and Patient Data in Australia (where our services are provided from).
- Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information outside of Australia and the United Kingdom, including but not limited to, the United States of America.
- Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose the User and/or Patient’s personal information to countries with laws that protect your personal information in a way that is substantially similar to the Australian Privacy Principles/UK data protection requirements and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles/ UK data protection requirements.
- United Kingdom Users: Your use of the Services and Application will involve a transfer of your personal data (and your Patients’ Data) outside of the United Kingdom to Australia and the United States of America. Whenever we transfer data out of the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring an appropriate safeguard is implemented. For the data transferred to us in Australia we agree an ICO International Data Transfer Agreement (IDTA) with each User. For the data transferred to the United States of America, we have entered into EU standard contractual clauses (with a UK Addendum) with Google LLC for the sub-processing of User and Patient Data. Both of these documents are UK GDPR compliant and ensure the safe and secure transfer of your data to these service providers and ensure a similar degree of protection that your data has in the UK. Please contact us if you want further information about how we transfer your data out of the United Kingdom.
8. Your rights and controlling your personal information
- Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
- Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information (unless you are in the United Kingdom, in which case no fee will be applicable, provided your request is not repetitive or excessive). Please note that in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.
- Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.
- Erasure: If you are a User in the United Kingdom, you may request us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing: If you are a User in the United Kingdom, you may object to our processing of your data if there is something about the particular situation which makes you want to object to processing if you feel it impacts your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing: If you are a User in the United Kingdom, you are able to ask us to suspend the processing of your data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent: Where we are relying on consent to process your personal data, you may withdraw your consent at any time. If you withdraw your consent, we may not be able to provide certain services to you and your use of the Application may be affected. We will advise you if this is the case at the time you withdraw your consent.
- Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, then Australian Users also have the right to contact the Office of the Australian Information Commissioner, and UK Users can contact the UK Information Commissioner’s Office.
If you wish to exercise any of the above rights, please get in touch with us. We may need specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. Storage and security
- We are committed to ensuring that the personal information we collect is secure.
- In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss, and unauthorised access, modification, and disclosure.
- We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.
10. Data Retention
We will only retain User Data and your Patients’ Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of (i) providing the Services and Application to you; and (ii) satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Typically, we store the User Data and Patient Data on the Application until the User deletes the data from the Application. Back-up data of the User and Patient Data stored on the Application is deleted after two months.
To determine the appropriate retention period for data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our users for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data – see your legal rights in section 8 above for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.
- Cookies are a small amount of data generated and placed in your device to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise a returning User on the Application.
- If and when you choose to provide our Application with personal information, this information may be linked to the data stored in the cookie.
- You can block cookies on your browser by activating the setting on the browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Application.
12. Links to other websites
13. Use of API Services
- We use third party Application Programming Interface (API) Services (including, for example, Google, Stripe, and Sentry). We do not use APIs to access personal data or to transfer personal information.
- We do not transfer any personal information to any APIs. We only transfer data such as device types and operating system versions as necessary to provide or improve our Services or as necessary to comply with applicable law or as part of a merger, acquisition or sale of assets where we notify you of this.
- We may develop our own API in the future (our API). You agree and acknowledge we may transfer all personal and sensitive information (in an anonymised form) to our API, without any further disclosure or notification to you.
For any questions or notices, please contact us/our Privacy Officer/DPO at:
Praccelerate Pty Ltd T/A Praccelerate ABN 69 653 698 901
Last update: August 2023.
© LegalVision ILP Pty Ltd